Comment by joeyhage
15 days ago
Completely agree - have you encountered this before? The Gmail plus sign alias trick has been widely known for a long time and, to my knowledge, still works well today. It would be easy enough for websites to either block + in gmail addresses or instead grab the true email.
Some sites that block "+" in email addresses are actually just doing it out of incompetence. My credit union, for example, will actually accept an address with a "+" in it, but nothing will work because some broken bit of web 1.0 plumbing along the way converted it to a space (it shows up that way on my profile page). I wouldn't be surprised to see " " on my printed bank statements.
Oh yes, so many websites are incompetent like that.
And of course after registering with foo+bar@example.com they will happily send invoices to bar@example.com
Gmail also have "googlemail.com" alias and you can split your username with dots since they dont count like "user@gmail.com" and "u.s.e.r@gmail.com" are the same thing,
Nothing of it solves privacy though.
Spammers know to just cut out the +whatever. It's a simple regex to keep those from even getting into a database.
The + has no special meaning in the standards, and thus removing it will just result in invalid addresses in many cases…
Doesn't matter. Most email services[1] use it the way Gmail does and spam is a numbers game. Losing a few valid addresses is worth correlating all those other addresses for most spammers.
Standards only matter to nerds like us.
[1] https://proton.me/blog/what-is-email-alias#5
2 replies →
They can check if it's Gmail though.
Guess what? There are some dumb website or applications complaining that the email address is invalid.